The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Security token error when submitting on custom page
Go to: http://saleage.com/fileupload.php
Enter a integer in and click next... Then I get: Quote:
|
#2
|
||||
|
||||
Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.
|
#3
|
|||
|
|||
Quote:
Also this is weird, I went to the page logged out and it worked, but when logged in I get the security token error. |
#4
|
||||
|
||||
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
|
#5
|
|||
|
|||
Quote:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" /> <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" /> Possible to set a variable in templates so I can get it from php? |
#6
|
||||
|
||||
Well, since the page is asking for it, it obviously wants it. You must have something in the code that is expecting to use it.
|
#7
|
||||
|
||||
Hi guys,
I am aware of the comment Quote:
see example on to right of www.physiolive.com Can someone provide a little more details about this security token? Is it dynamic? Is there something I can pass with the search that is a default value so that this will always work? Or is this a page that I can exempt in the vbulletin code from requiring the search token. It seems weird as guests can search my forum so I am wondering why this token is required. Any more detailed comment would be great Many thanks |
#8
|
||||
|
||||
You can read up on this here - Implementing CSRF Protection in modifications
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|